Re: Pasword expiration warning
Dinesh Chemuduru <dinesh.kumar@migops.com>
From: Dinesh Chemuduru <dinesh.kumar@migops.com>
To: Gilles Darold <gilles@migops.com>
Cc: PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2021-11-19T15:16:29Z
Lists: pgsql-hackers
On Fri, 19 Nov 2021 at 20:19, Gilles Darold <gilles@migops.com> wrote: > Hi all, > > > Now that the security policy is getting stronger, it is not uncommon to > create users with a password expiration date (VALID UNTIL). The problem > is that the user is only aware that his password has expired when he can no > longer log in unless the application with which he is connecting notifies > him beforehand. > > > I'm wondering if we might be interested in having this feature in psql? For > example for a user whose password expires in 3 days: > > gilles=# CREATE ROLE foo LOGIN PASSWORD 'foo' VALID UNTIL '2021-11-22'; > CREATE ROLE > gilles=# \c - foo > Password for user foo: > psql (15devel, server 14.1 (Ubuntu 14.1-2.pgdg20.04+1)) > ** Warning: your password expires in 3 days ** > You are now connected to database "gilles" as user "foo". > > > My idea is to add a psql variable that can be defined in psqlrc to specify > the number of days before the user password expires to start printing a > warning. The warning message is only diplayed in interactive mode Example: > > $ cat /etc/postgresql-common/psqlrc > \set PASSWORD_EXPIRE_WARNING 7 > > +1 It is useful to notify the users about their near account expiration, and we are doing that at client level. Default value is 0 like today no warning at all. > > > Of course any other client application have to write his own beforehand expiration > notice but with psql we don't have it for the moment. If there is interest > for this psql feature I can post the patch. > > -- > Gilles Darold > >
Commits
-
Add password expiration warnings.
- 1d92e0c2cc47 19 (unreleased) landed